diff --git a/pam-1.0.91-std-noclose.patch b/pam-1.0.91-std-noclose.patch index e08366f..b1a4af8 100644 --- a/pam-1.0.91-std-noclose.patch +++ b/pam-1.0.91-std-noclose.patch @@ -42,8 +42,17 @@ diff -up Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c.std-noclose Linux-P diff -up Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c --- Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c.std-noclose 2009-03-03 14:56:01.000000000 +0100 -+++ Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c 2009-03-13 17:33:21.000000000 +0100 -@@ -106,10 +106,8 @@ int _unix_run_verify_binary(pam_handle_t ++++ Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c 2009-03-17 15:08:51.000000000 +0100 +@@ -100,16 +100,17 @@ int _unix_run_verify_binary(pam_handle_t + + /* reopen stdout as pipe */ + dup2(fds[1], STDOUT_FILENO); ++ /* and replace also the stdin so we do not exec the helper with ++ tty as stdin, it will not read anything from there anyway */ ++ dup2(fds[0], STDIN_FILENO); + + /* XXX - should really tidy up PAM here too */ + if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { if (rlim.rlim_max >= MAX_FD_NO) rlim.rlim_max = MAX_FD_NO; diff --git a/pam.spec b/pam.spec index bf7a8f1..d88e1b3 100644 --- a/pam.spec +++ b/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.0.91 -Release: 2%{?dist} +Release: 3%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, # pam_rhosts_auth module is BSD with advertising @@ -315,6 +315,9 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Tue Mar 16 2009 Tomas Mraz 1.0.91-3 +- we must replace the stdin when execing the helper (#490644) + * Mon Mar 16 2009 Tomas Mraz 1.0.91-2 - do not close stdout/err when execing the helpers (#488147)